39001 matches found
JetBrains TeamCity 2023.05.3 - Remote Code Execution Exploit
Exploit Title: JetBrains TeamCity 2023.05.3 - Remote Code Execution RCE - Shodan Dork: http.title:TeamCity , http.favicon.hash:-1944119648 - Exploit Author: ByteHunter - Vendor: JetBrains - Email: email protected - vendor: JetBrains - Version: versions before 2023.05.4 - Tested on: 2023.05.3 -...
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Exploit
Exploit Title: Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Date: 2023-09-20 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import requests as req import json import sys import random import uuid import urllib.parse import urllib3 from...
PCMan FTP Server 2.0 - (pwd) Remote Buffer Overflow Vulnerability
Exploit Title: PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://pcman.openfoundry.org/ Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Version: 2.0 Tested on: Windows XP SP3...
AdvantechWeb / SCADA 9.1.5U SQL Injection Vulnerability
AdvantechWeb/SCADA version 9.1.5U suffers from a post authentication remote SQL injection vulnerability. ;; PostAuth SQLi in AdvantechWeb/SCADA 9.1.5U ;; ;; found: 28.12.2023 ;; ;; more: ;; https://code610.blogspot.com/2024/01/postauth-sqli-in-advantechwebscada-915u.html ;; POST...
Provide Server v.14.4 XSS - CSRF & Remote Code Execution Vulnerabilities
Provide Server v. 14.4 CVE-2023-23286 Vulnerabilities: CWE-79: Improper Neutralization of Input During Web Page Generation Unauthenticated stored XSS in server-log delivered via username field from login-form CWE-352: Cross-Site Request Forgery CSRF-token exposed in javascript, making it possible...
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration) Vulnerability
ADVISORY INFORMATION Exploit Title: GLPI v10.0.2 - SQL Injection Authentication Depends on Configuration Application: GLPI =10.0.0, 10.0.3 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
Simple Attendance System 1.0 Authentication Bypass Exploit
Exploit Title: Simple Attendance System v1.0 - Unauthenticated Add Admin Account Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...
HP ThinPro 6.x / 7.x Privileged Command Injection Vulnerability
HP ThinPro - Privileged command injection =============================================================================== Identifiers ------------------------------------------------- CVE-2019-18910 CVSSv3 score ------------------------------------------------- 7.6...
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution Vulnerabilities
Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities. Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution The HTML version on "Multiple vulnerabilities found in Zyxe...
Petrol Pump Management Software v1.0 - (Address) Stored Cross Site Scripting Vulnerability
Exploit Title: Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: 1.0 Tested...
Quick TFTP Server Pro 2.1 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Quick TFTP Server Pro 2.1 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 12 january 2024 Vendor Homepage: https://www.tallsoft.com/ Download to demo:...
SolarView Compact 6.00 Remote Command Execution Exploit
This Metasploit module exploits a command injection vulnerability on the SolarView Compact version 6.00 web application via the vulnerable endpoint downloader.php. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running typically as...
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting Vulnerability
Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting XSS Author: Bleron Rrustemi Discovery Date: 2022-11-15 Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ Datasheet:: https://www.uniview.com/download.do?id=1761643 Device Firmware:...
Wipro Holmes Orchestrator 20.4.1 File Disclosure Exploit
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Log File Disclosure Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38283 import requests as rq import argparse import datetime import o...
WordPress WPSchoolPress 2.1.16 Plugin - (Multiple) Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting XSS Exploit Author: Davide Taraschi Vendor Homepage: https://wpschoolpress.com/ Software Link: https://wpschoolpress.com/free-download/ Version: up to 2.1.17 non included Tested on: Ubuntu 20.04 over WordPress...
Company's Recruitment Management System 1.0. - (title) Stored XSS Vulnerability
Exploit Title: Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting XSS Exploit Author: Aniket Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Software Link:...
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service Exploit
Exploit Title: Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Exploit Author: Cem Onat Karagun of Diesec GmBH Vendor Homepage: https://www.google.com/ Version: Google Chrome 80.0.3987.87 Tested on: Windows x64 / Linux Debian x64 / MacOS CVE: CVE-2020-6404 PoC Video:...
Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities
Title: Open WebUI Arbitrary File Upload + Path Traversal Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-22:...
Sitefinity 15.0 - Cross-Site Scripting Vulneraility
Exploit Title: Sitefinity 15.0 - Cross-Site Scripting XSS Exploit Author: Aldi Saputra Wahyudi Vendor Homepage: https://www.progress.com/sitefinity-cms Version:...
Flowise 1.6.5 - Authentication Bypass Vulnerability
Exploit Title: Flowise 1.6.5 - Authentication Bypass Exploit Author: Maerifat Majeed Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise/releases Version: 1.6.5 Tested on: mac-os CVE : CVE-2024-31621 The flowise version if req.url.includes'/api/v1/'...
pgAdmin 8.3 Remote Code Execution Exploit
pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target...
Karaf v4.4.3 Console - Remote Code Execution Exploit
!/usr/bin/python Exploit Title: Karaf v4.4.3 Console RCE Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-karaf-exploits.git Vendor Homepage: https://karaf.apache.org Software Link:...
SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting Vulnerability
Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4547 CWE:...
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frappe Framework uses...
Ecommerse v1.0 - Cross-Site Scripting (XSS) Vulnerability
Title: Ecommerse v1.0 - Cross-Site Scripting XSS Author: nu11secur1ty Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website Description:...
Osprey Pump Controller 1.0.1 Authentication Bypass Exploit
Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system. !/usr/bin/env python Osprey Pump Controller 1.0.1 Authentication Bypass Credentials Modification Vendor: ProPump and Controls,...
Senayan Library Management System 9.4.0 Cross Site Scripting Vulnerability
Title: Senayan Library Management System v9.4.0 a.k.a SLIMS 9 XSS-Reflected- PHPSESSID Hijacking Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://slims.web.id/web/news/rilis-9.4.0/ Reference:...
Doctors Appointment System 1.0 Cross Site Scripting / SQL Injection Vulnerabilities
Exploit Title: Doctor's Appointment System v1.0 - Cross-Site Scripting XSS Google Dork: N/A Exploit Author: Abdullah Zaid - @aznull Vendor Homepage: https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html Software Link:...
WordPress Weblizar 8.9 Plugin - Backdoor Vulnerability
Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor Google Dork: 'wp-json/am-member/license' Exploit Author: Sobhan Mahmoodi Vendor Homepage: https://weblizar.com/plugins/school-management/ Version: 8.9 Tested on: windows/linux Vulnerable code: addaction 'restapiinit', function...
Webmin 1.984 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Webmin 1.984 - Remote Code Execution Authenticated Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.webmin.com/ Software Link: https://github.com/webmin/webmin/archive/refs/tags/1.984.zip Version: = 1.984 Tested on: Ubuntu 18 Reference:...
Microsoft OMI Management Interface Authentication Bypass Exploit
This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September...
Intellian / Sea Tel / SAILOR VSAT / RedPort maritime Exploit Pack
ever wondered how can someone hack into a ship/vessel/carrier/yacht? well here is the bundle targeting 3 major companies specialized in maritime satellite networks. in this bundle you get Intellian 3 root backdoors seatel 1 DOS sailor 2 sensitive information disclosure redport 1 admin busybox RCE...
OpenEMR 5.0.1.3 - Arbitrary File Actions Vulnerability
Exploit for linux platform in category web applications Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions Exploit Author: Joshua Fam Twitter : @Insecurity Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Version: 5.0.1.3 Teste...
Mail.com Email Remote Authentication bypass 0day Exploit
This 0day Vulnerability can reset any email on mail.com service. Material holder may access any email box. This is private exploit. You can buy it at https://0day.today...
Metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit
Exploit Title: metabase 0.46.6 - Pre-Auth Remote Code Execution Exploit Author: Musyoka Ian Vendor Homepage: https://www.metabase.com/ Software Link: https://www.metabase.com/ Version: metabase 0.46.6 Tested on: Ubuntu 22.04, metabase 0.46.6 CVE : CVE-2023-38646 !/usr/bin/env python3 import socke...
Gentics CMS 5.36.29 Cross Site Scripting / Deserialization Vulnerability
Gentics CMS version 5.36.29 suffers from persistent cross site scripting and unsafe java deserialization vulnerabilities. ======================================================================= title: Stored Cross-Site Scripting & Unsafe Java Deserializiation product: Gentics CMS vulnerable...
Wordpress WPForms 1.5.9 Plugin - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson Varghese Behanan Author Advisor...
Android Binder - Use-After-Free Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Binder Use-After-Free Exploit", 'Description' = %q , 'License' = MSFLICENSE, 'Author' = 'Jann Horn', discovery and exploit 'Maddie Stone'...
Joomla 1.5 - 3.4.5 - HTTP Header Unauthenticated Remote Code Execution Exploit
Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user supplied headers in the databases session table it's possible to truncate the input by sending an UTF-8 character. The custom created payload is then executed once the sessi...
Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting Vulnerability
Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site Scripting XSS Affected Component Login page get parameter 'msg' is vulnerable to Reflected Cross site scripting CVE Reference CVE-2024-44449 Security Issue Cross Site Scripting...
Monstra CMS 3.0.4 - Remote Code Execution Exploit
Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: MacOS import requests import random import string import time import re import sys if...
Rocket LMS 1.9 - Persistent Cross Site Scripting Vulnerability
Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome Browsers Patched...
BMC Compuware iStrobe Web - 20.13 - Pre-auth Remote Code Execution Exploit
!/usr/bin/env python3 Exploit Title: Pre-auth RCE on Compuware iStrobe Web Date: 01-08-2023 Exploit Author: trancap Vendor Homepage: https://www.bmc.com/ Version: BMC Compuware iStrobe Web - 20.13 Tested on: zOS CVE : CVE-2023-40304 To exploit this vulnerability you'll need "Guest access" enabled...
XAMPP - Buffer Overflow Exploit
Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517 \ / \ \ /| | || | /| ||...
Linux io_uring __io_uaddr_map() Dangerous Multi-Page Handling Exploit
iouring: iouaddrmap handles multi-page region dangerously iouaddrmap wants to import a region from userspace, and then address the imported region through the linear mapping area. This requires that the imported region is physically contiguous. A comment in iouaddrmap explains that the imported...
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting Vulnerability
Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting XSS Google Dork: N/A Exploit Author: Harshit Joshi Vendor Homepage: https://community.broadcom.com/home Software Link: https://www.broadcom.com/products/identity/siteminder Version: 12.52 Tested on: Linux, Windows CVE:...
Clansphere CMS 2011.4 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Clansphere CMS 2011.4 - Stored Cross-Site Scripting XSS Exploit Author: Sinem Şahin Vendor Homepage: https://www.csphere.eu/ Version: 2011.4 Tested on: Windows & XAMPP == Tutorial http://HOST/index.php?mod=buddys&action=create&id=925872 2- Write XSS Payload into the username of the...
Blink1Control2 2.2.7 - Weak Password Encryption Exploit
// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption // Exploit Author: p1ckzi // Vendor Homepage: https://thingm.com/ // Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7 // Vulnerable Version: blink1control2 !/usr/bin/env node const ArgumentParser =...
Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection Exploit
Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link:...
DirtyCow Local Root Proof Of Concept Exploit
Exploit for linux platform in category local exploits / uncomment correct payload first x86 or x64! $ gcc cowroot.c -o cowroot -pthread $ ./cowroot DirtyCow root privilege escalation Backing up /usr/bin/passwd.. to /tmp/bak Size of binary: 57048 Racing, this may take a while.. /usr/bin/passwd...